budge
Warn
Audited by Socket on May 14, 2026
1 alert found:
Anomaly (LOW): references/INSTALL.md
This fragment integrates a third-party CDN-hosted self-executing script (https://www.budge.design/budge.iife.js) into multiple frameworks with no SRI/integrity pinning shown, creating a supply-chain execution risk. It also describes MutationObserver-based activation using DOM/class/style changes and optional JSON config via a hidden data-budge element, increasing runtime behavioral opacity. No direct evidence of credential theft/exfiltration is present in the shown code, but the actual IIFE content is not provided, so malicious behavior cannot be fully assessed.
Confidence: 63%
Severity: 55%